VARIoT IoT vulnerabilities database

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none. SamsungSM-G920F (GalaxyS6) and so on are all smartphones released by South Korea's Samsung. There are security bypass vulnerabilities in several Samsung phones. An attacker could use the vulnerability to make a call, send a text message, or post a command. Multiple Samsung Galaxy products are prone to a security-bypass vulnerability. An attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Samsung Galaxy S4 through S6 devices are vulnerable

A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, local user, to create a fork bomb scenario, also known as a rabbit virus, or wabbit, which will create processes that replicate themselves, until all resources are consumed on the system, leading to a denial of service to the entire system until it is restarted. Continued attacks by an unauthenticated, local user, can lead to persistent denials of services. Juniper Networks NorthStar Controller The application contains a resource management vulnerability.Unauthorized local user disrupts service operation (DoS) An attack may be carried out. JuniperNetworksNorthStarControllerApplication is a traffic planning controller from Juniper Networks. The controller optimizes the service provider's transport network by establishing an open industry standard protocol. A denial of service vulnerability exists in versions prior to JuniperNetworksNorthStarControllerApplication2.1.0ServicePack1. A local attacker can exploit this vulnerability to cause a denial of service

Samsung wssyncmlnps before 2015-10-31 allows directory traversal in a Kies restore, aka ZipFury. Samsungwssyncmlnps is a software update service in Samsung's smartphones in South Korea. Kiesrestore is one of the system recovery features. An attacker could exploit this vulnerability to write to any file

Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices do not block AT+USBDEBUG and AT+WIFIVALUE, which allows attackers to modify Android settings by leveraging AT access, aka SVE-2016-5301. Vendors have confirmed this vulnerability SVE-2016-5301 It is released as.By the attacker, AT By using access to AT A command may be sent. SamsungSM-G920F (GalaxyS6) and so on are all smartphones released by South Korea's Samsung. There are security bypass vulnerabilities in several Samsung phones. Multiple Samsung Galaxy products are prone to a security-bypass vulnerability. An attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks

An exploitable nonce reuse vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless AP running firmware 1.1. The device uses one nonce for all session authentication requests and only changes the nonce if the web application has been idle for 300 seconds. Moxa AWK-3131A Wireless AP Contains a session expiration vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Moxa AWK-3131A Wireless Access Point is a wireless switch made by Moxa. Web Application is one of the network application modules. An attacker could exploit this vulnerability to gain access to a session token and use the token to log in

An exploitable HTTP Header Injection vulnerability exists in the Web Application functionality of the Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted HTTP request can inject a payload in the bkpath parameter which will be copied in to Location header of the HTTP response. Moxa AWK-3131A Wireless AP Contains an injection vulnerability.Information may be tampered with. Moxa AWK-3131A Wireless Access Point is a wireless switch made by Moxa. Web Application is one of the network application modules

An exploitable Information Disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client. Retrieving a specific URL without authentication can reveal sensitive information to an attacker. Moxa AWK-3131AP Contains an information disclosure vulnerability.Information may be obtained. MoxaAWK-3131A is a wireless access device from Moxa. An information disclosure vulnerability exists in the WebApplication feature of MoxaAWK-3131A in version 1.1 firmware

An exploitable null pointer dereference exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Any HTTP GET request not preceded by an '/' will cause a segmentation fault in the web server. An attacker can send any of a multitude of potentially unexpected HTTP get requests to trigger this vulnerability. MoxaAWK-3131AWirelessAccessPoint is a wireless switch from China's Moxa. WebApplication is one of the web application modules. An HTTP denial of service vulnerability exists in the WebApplication feature of MoxaAWK-3131AWirelessAccessPoint using version 1.1 firmware. There is no..

An exploitable information disclosure vulnerability exists in the serviceAgent functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted TCP query will allow an attacker to retrieve potentially sensitive information. Moxa AWK-3131A Wireless AP Contains an information disclosure vulnerability.Information may be obtained. MoxaAWK-3131AWirelessAccessPoint is a wireless switch from China's Moxa. The functionality exposed by serviceAgent is accessible by using a freely-available Windows application (Moxa Windows Search Utility) or with custom scripts. In addition, the service does..

An exploitable information disclosure vulnerability exists in the Web Application functionality of the Moxa AWK-3131A wireless access point running firmware 1.1. Retrieving a specific URL without authentication can reveal sensitive information to an attacker. Moxa AWK-3131A Wireless AP Contains an information disclosure vulnerability.Information may be obtained. MoxaAWK-3131AWirelessAccessPoint is a wireless switch from China's Moxa. WebApplication is one of the web application modules

An exploitable null pointer dereference vulnerability exists in the Web Application /forms/web_runScript iw_filename functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. An HTTP POST request with a blank line in the header will cause a segmentation fault in the web server. Moxa AWK-3131A Wireless Access Point is a wireless switch made by Moxa

An exploitable information disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point. Retrieving a series of URLs without authentication can reveal sensitive configuration and system information to an attacker. Moxa AWK-3131A Wireless AP Contains an information disclosure vulnerability.Information may be obtained. Moxa AWK-3131A Wireless Access Point is a wireless switch made by Moxa. Web Application is one of the network application modules

Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to read sent e-mail messages, aka SVE-2015-5081. Vendors have confirmed this vulnerability SVE-2015-5081 It is released as.An attacker could read a sent email message. The Samsung SM-G920F (Galaxy S6) is a Samsung smartphone from South Korea. SecEmailSync is one of the mail sync plugins. An information disclosure vulnerability exists in SecEmailSync in the SamsungSM-G920FbuildG920FXXU2COH2 release. Samsung SecEmailSync is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks

Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices has SQL injection, aka SVE-2015-5081. Vendors have confirmed this vulnerability SVE-2015-5081 It is released as.SQL An injection attack may be performed. SecEmailSync is one of the mail sync plugins. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands. Samsung SecEmailSync is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database

secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to bypass URL filtering by inserting an "exceptional URL" in the query string, as demonstrated by the http://should-have-been-filtered.example.com/?http://google.com URL. SamsungkernelforAndroidonSM-N9005 (Note3) and SM-G920F (GalaxyS6) are the cores of Samsung's Android system running on SM-N9005 (Note3) and SM-G920F (GalaxyS6) (smartphone). Secfilter is one of the URL parsing filter plugins. An input validation vulnerability exists in the secfilter of Samsungkernel for Android in SamsungSM-N9005 (Note3) and SM-G920F (GalaxyS6). Samsung kernel for Android on SM-N9005 (Note 3) and SM-G920F (Galaxy S6) are both Korean Samsung (Samsung) running on SM-N9005 (Note 3) and SM-G920F (Galaxy S6) (smart phones) The kernel of the Android system in. There is a security vulnerability in the secfilter of Samsung kernel for Android in Samsung SM-N9005(Note 3) and SM-G920F(Galaxy S6). The following products and versions are affected: Samsung SM-N9005 build N9005XXUGBOB6 (Note 3) version; SM-G920F build G920FXXU2COH2 (Galaxy S6) version

Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices have unintended availability of the modem in USB configuration number 2 within the secure lockscreen state, allowing an attacker to make phone calls, send text messages, or issue commands, aka SVE-2016-5301. Vendors have confirmed this vulnerability SVE-2016-5301 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. SamsungSM-G920F (GalaxyS6) and so on are all smartphones released by South Korea's Samsung. There are security bypass vulnerabilities in several Samsung phones. An attacker could use the vulnerability to make a call, send a text message, or post a command. Multiple Samsung Galaxy products are prone to a security-bypass vulnerability. An attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks

Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices allow attackers to send AT commands by plugging the device into a Linux host, aka SVE-2016-5301. Vendors have confirmed this vulnerability SVE-2016-5301 It is released as.The attacker can Linux By connecting to the host, AT A command may be sent. AndroidforSamsungGalaxyS6Edge is a Linux-based open source operating system developed by Samsung and the Open Handheld Device Alliance (OHA) in the United States for smartphones released by South Korea's Samsung. There are security bypass vulnerabilities in multiple SamsungGalaxy products. An attacker could exploit this vulnerability to bypass certain security restrictions and perform unauthorized operations. This may lead to further attacks

Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B851 and P8 ALE-UL00 before ALE-UL00B211 allows local users to cause a denial of service (OS crash) via vectors involving an application that passes crafted input to the GPU driver. HuaweiP7 and P8 Youth Edition are both Huawei's smartphone devices. GPUdriver is one of the graphics drivers. A refusal service vulnerability exists in the GPU drivers in HuaweiP7 and P8 Youth. An attacker could exploit the vulnerability to trick the phone system into crashes by tricking the user into installing a malicious application and entering an illegal parameter into the product's graphics processing unit (GPU) driver. The following products and versions are affected: Huawei P7-L00C17B851 earlier, P7-L05C00B851 earlier, P7-L09C92B851 earlier; P8 Youth Edition ALE-UL00B211 earlier

Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B85, and P8 ALE-UL00 before ALE-UL00B211 allows local users to cause a denial of service (OS crash) by leveraging camera permissions and via crafted input to the camera driver. HuaweiP7 and P8 Youth Edition are both Huawei's smartphone devices. An attacker could use the vulnerability to enter an illegal parameter into the camera driver by tricking the user into installing a malicious application and obtaining the system or camera privileges of the device, causing the system to crash. The following products and versions are affected: Huawei P7 earlier than P7-L00C17B851, earlier than P7-L05C00B851, earlier than P7-L09C92B851; P8 Youth Edition earlier than ALE-UL00B211

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none. Both the Samsung Note 3 and the Galaxy S6 are smartphones released by the South Korean company Samsung. There are security flaws in the Samsung Note 3 and Galaxy S6. An attacker can exploit this vulnerability to cause a denial of service (null pointer backreference) by sending an HTTP request that does not contain a URL